The next thing will be to check your database. Look at the date of the user's registration: in the users table, check the 'user_registered' field; it'll let you know when your install was compromised (assuming you didn't delete the user).

Finally, as long as this user wasn't registered -after- you upgraded to 3.0.4, it's likely that this was a hole in an older version of WordPress which has since been patched up.

Closing as invalid purely due to the fact that this would've happened prior to the 3.0.4 upgrade (Please email security at wordpress.org if you have a reason to believe it's a current threat, along with as much detail of the previous version of WordPress in use, the user registered details, any server logs which relate to it, and anything else you can gather).
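The database check described above, written as a query. This is an added example and not part of the original ticket comment. It assumes MySQL, the default `wp_` table prefix, and a placeholder `@upgrade_time` for when the site was upgraded to 3.0.4, which the ticket does not state.

```sql
-- Added example: list accounts by registration time and mark each one as
-- created before or after the 3.0.4 upgrade.
-- Assumptions: default table prefix "wp_"; @upgrade_time is a placeholder.
SET @upgrade_time = '1970-01-01 00:00:00';  -- placeholder: replace with your upgrade time (UTC)

SELECT u.ID,
       u.user_login,
       u.user_email,
       u.user_registered,                        -- WordPress stores this in UTC
       CASE WHEN m.meta_value LIKE '%"administrator"%'
            THEN 'yes' ELSE 'no' END AS is_admin, -- role lives in the serialized capabilities meta
       CASE WHEN u.user_registered >= @upgrade_time
            THEN 'after upgrade' ELSE 'before upgrade' END AS relative_to_upgrade
FROM wp_users AS u
LEFT JOIN wp_usermeta AS m
       ON m.user_id = u.ID
      AND m.meta_key = 'wp_capabilities'          -- key name is "<prefix>capabilities"
ORDER BY u.user_registered DESC;
```

The timestamp of an unrecognised account can then be matched against web server access logs from the same window, which is the kind of detail the comment asks to have sent to the security address.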